Re: [Cfrg] I like PKEX
"Salz, Rich" <rsalz@akamai.com> Thu, 16 November 2017 07:22 UTC
Return-Path: <rsalz@akamai.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED7751294F0 for <cfrg@ietfa.amsl.com>; Wed, 15 Nov 2017 23:22:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.711
X-Spam-Level:
X-Spam-Status: No, score=-0.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7XELxGDBmtn0 for <cfrg@ietfa.amsl.com>; Wed, 15 Nov 2017 23:22:35 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2440D12894A for <cfrg@irtf.org>; Wed, 15 Nov 2017 23:22:35 -0800 (PST)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id vAG7HM0W004065; Thu, 16 Nov 2017 07:22:32 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=xGjfuFPE5sSgeNHef19yiKdf+jbYbQL1EwVy50ZIVJk=; b=fA8F2D7ilNVl+oW018IZxraF1ApE4/0NnKRojPWUz5hLarGBjJUtv36dga1NirRvrcFH sUCFOUQ92Z3FdIo27dhwIJFvE4TXvBD4y4KZ169lYhB99n0yUbzefGt47OtAMvCEMfqK 06d3kmZ++tWQJft/74U2zH1aFX+aNHv/D8L6Py+w6RT7ooM09iBQDpeTtuPl97AxmWLq CEb7HnoK2LlO6ApR7rYyo6R/G00tyfWY+mR8iQjisAtANXR1X4XuUOxhbU3qiyAomfL3 yerEIN970PoBTGU/HtKv5J9I75sjYGIq1jmimQEQhyfaVlg79e3iqCP+Wtp5HgjKdW7C Cg==
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19]) by m0050095.ppops.net-00190b01. with ESMTP id 2e8d5kku6d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 16 Nov 2017 07:22:32 +0000
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.21/8.16.0.21) with SMTP id vAG7HXEl030866; Thu, 16 Nov 2017 02:22:31 -0500
Received: from email.msg.corp.akamai.com ([172.27.123.31]) by prod-mail-ppoint2.akamai.com with ESMTP id 2e7p3wrh6g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 16 Nov 2017 02:22:31 -0500
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 16 Nov 2017 02:22:30 -0500
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1263.000; Thu, 16 Nov 2017 02:22:30 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Richard Barnes <rlb@ipv.sx>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] I like PKEX
Thread-Index: AQHTXqoTZAQltIulBkOMVFlFBjIuLqMW7WcAgAAAaIA=
Date: Thu, 16 Nov 2017 07:22:29 +0000
Message-ID: <4284CE2B-1D0C-421A-BEF1-8B319C252851@akamai.com>
References: <EA0997AC-6EB9-4649-8502-9A185A77760D@akamai.com> <CAL02cgT5hAfoga82Opb20C8sB63Hr4bSxssF+N-o=uPtQCoZZA@mail.gmail.com>
In-Reply-To: <CAL02cgT5hAfoga82Opb20C8sB63Hr4bSxssF+N-o=uPtQCoZZA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.27.0.171010
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.147.27]
Content-Type: multipart/alternative; boundary="_000_4284CE2B1D0C421ABEF18B319C252851akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-11-16_01:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1711160102
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-11-16_01:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1711160102
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Pm8-e-HiBOlQzIDNAcyOFmSsSrc>
Subject: Re: [Cfrg] I like PKEX
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 07:22:37 -0000
https://datatracker.ietf.org/meeting/100/materials/slides-100-cfrg-public-key-exchange/ Sorry, what is PKEX? On Thu, Nov 16, 2017 at 3:11 PM, Salz, Rich <rsalz@akamai.com<mailto:rsalz@akamai.com>> wrote: I think the PKEX stuff is very interesting. It inverts the trust model used on the Web. Suppose I want to do some online banking with mybank.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__mybank.com&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=3nrJp_EjXY0gocLaBMzudoJZuVwi3c9JcbPTl7mDBEg&s=4XLBpZhzsnlZQkUITgKM9BCxc9CSujlbL3eM5mxyHm8&e=>. My browser checks the server cert, and decided to trust it if the CA verifies the identity. I then type my name and password into the website. There is a risk if I end up at the wrong website. With PKEX, I can use my name and password and the bank can use something like my account number or other similar info, and we exchange and get a shared secret. We then use that secret to get an authenticated ECDSA key and then I switch to TLS and get its benefits. No third-party trust is needed. I think this solves an interesting use-case and it would be nice to have it in our toolbox. _______________________________________________ Cfrg mailing list Cfrg@irtf.org<mailto:Cfrg@irtf.org> https://www.irtf.org/mailman/listinfo/cfrg<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.irtf.org_mailman_listinfo_cfrg&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=3nrJp_EjXY0gocLaBMzudoJZuVwi3c9JcbPTl7mDBEg&s=yK-DSwfnhPkfWPH4QM5bD43yMpRZCdPZQGA8VUa6ADU&e=>
- [Cfrg] I like PKEX Salz, Rich
- Re: [Cfrg] I like PKEX Richard Barnes
- Re: [Cfrg] I like PKEX Salz, Rich
- Re: [Cfrg] I like PKEX Stanislav V. Smyshlyaev
- Re: [Cfrg] I like PKEX Stanislav V. Smyshlyaev
- Re: [Cfrg] I like PKEX David Jacobson
- Re: [Cfrg] I like PKEX Stanislav V. Smyshlyaev
- Re: [Cfrg] I like PKEX Dan Harkins